External LDAP for authentication

Hi All,
I want to use external ldap for authentication purpose with Access Manager.
I tried adding this external ldap as a secondary ldap but couldn't succeed.
If I add this ldap in the primary ldap along with the AM's own ldap, this also fails to authenticate users from the external ldap.
How can I achieve this?
I read many topics in this forum regarding this but none of them explain how it can be achieved.
Please suggest.
Thanks in advance.

This is what the amconsole log says:
ERROR: ConsoleServletBase.onUncaughtException
java.lang.NullPointerException
     at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
     at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
     at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
     at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
     at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
     at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
     at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
     at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
     at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
     at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
     at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
     at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
     at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
     at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
     at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
     at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
     at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
     at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
     at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
     at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
     at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
     at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
     at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
     at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
     at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
     at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
     at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
     at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
     at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
     at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

Similar Messages

  • WLC connect LDAP for Authentication, but could not connect to server

    Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following message:
    Service Port - Not connected
    Distribution port include:
         Management Interface - in AP Management VLAN - 30
         Student AP interface - in Student VLAN - 20
         Staff AP interface - in Staff VLAN - 10
    AD is in Staff VLAN - 10
    WLC LDAP Server setting
    Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    User Attribute: sAMAccountName
    User Object Type: Person
    Debug aaa all enable message
    *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
    WLC GUI Log:
    *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    LDP Message of LDAP BaseDN:
    Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    4> objectClass: top; person; organizationalPerson; user;
    1> cn: Frankie F. Yeung;
    1> sn: Yeung;
    1> givenName: Frankie;
    1> initials: F;
    1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    1> instanceType: 0x4 = ( IT_WRITE );
    1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
    1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
    1> displayName: Frankie F. Yeung;
    1> uSNCreated: 3850555;
    1> uSNChanged: 3850571;
    1> name: Frankie F. Yeung;
    1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
    1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
    1> badPwdCount: 0;
    1> codePage: 0;
    1> countryCode: 0;
    1> badPasswordTime: 0;
    1> lastLogoff: 0;
    1> lastLogon: 0;
    1> pwdLastSet: <ldp error <0x0>: cannot format time field;
    1> primaryGroupID: 513;
    1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
    1> accountExpires: <ldp error <0x0>: cannot format time field;
    1> logonCount: 0;
    1> sAMAccountName: fckyeung;
    1> sAMAccountType: 805306368;
    1> userPrincipalName: [email protected];
    1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    Hope I can resolve this problem ASAP, thanks!

    Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
    The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschapv2 with LDAP".
    But you can do LDAP for web authentication, that has no eap methods.
    Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.
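    As an added example (Python, written for this page; it is not Cisco tooling or the poster's own work), here is a small parser for the "debug aaa all" and GUI log lines quoted above, with a diagnosis step that turns the return codes into something an operator can act on. The sample lines are constructed in the thread's format, not a capture from the poster's controller. The rule about anonymous binds rests on a fact about Active Directory rather than on anything the thread states: AD refuses anonymous LDAP operations beyond the rootDSE by default, so a controller configured with an anonymous bind method cannot look users up until it is given a service-account DN and password.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the WLC "debug aaa all" output and the GUI
# log quoted in the thread (not a capture from the poster's controller).
SAMPLE_WLC_LOG = """\
*LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
"""

LINE_RE = re.compile(r"^\*LDAP DB Task \d+: (?P<ts>\w{3} \d{2} [\d:.]+): (?P<msg>.*)$")
CALL_RE = re.compile(
    r"^(?P<func>\w+) \[(?P<server>\d+)\](?: configured Method (?P<method>\w+))? "
    r"(?:called )?(?P<api>lcapi_\w+) \(rc = (?P<rc>\d+) - (?P<text>[^)]*)\)"
)
STATE_RE = re.compile(r"^LDAP server (?P<server>\d+) changed state to (?P<state>\w+)")
CONNECT_RE = re.compile(
    r"^%AAA-3-LDAP_CONNECT_SERVER_FAILED: \S+ Could not connect to LDAP server "
    r"(?P<server>\d+), reason: (?P<rc>\d+) \((?P<text>[^)]*)\)"
)


@dataclass
class LdapEvent:
    ts: str
    kind: str                     # "call", "state" or "connect_failed"
    server: int
    api: Optional[str] = None     # lcapi_* function for "call" events
    method: Optional[str] = None  # bind method the controller reported, if any
    rc: Optional[int] = None      # return code; 0 is success
    state: Optional[str] = None   # new state for "state" events


def parse_wlc_log(text: str) -> List[LdapEvent]:
    """Turn the controller's LDAP task lines into structured events; unknown lines are skipped."""
    events: List[LdapEvent] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if (c := CALL_RE.match(msg)):
            events.append(LdapEvent(ts, "call", int(c["server"]), api=c["api"],
                                    method=c["method"], rc=int(c["rc"])))
        elif (s := STATE_RE.match(msg)):
            events.append(LdapEvent(ts, "state", int(s["server"]), state=s["state"]))
        elif (f := CONNECT_RE.match(msg)):
            events.append(LdapEvent(ts, "connect_failed", int(f["server"]), rc=int(f["rc"])))
    return events


def diagnose(events: List[LdapEvent]) -> List[str]:
    """Explain bind failures in terms an operator can act on (one finding per relevant event)."""
    findings: List[str] = []
    for ev in events:
        if ev.kind == "call" and ev.api == "lcapi_bind" and ev.rc != 0:
            if ev.method == "Anonymous":
                findings.append(
                    f"server {ev.server}: anonymous bind rejected (rc {ev.rc}). Active Directory "
                    "refuses anonymous operations beyond the rootDSE by default; configure an "
                    "Authenticated bind with a service-account DN and password.")
            else:
                findings.append(
                    f"server {ev.server}: {ev.method or 'configured'} bind rejected (rc {ev.rc}); "
                    "verify the bind DN and password, and that user objects sit under the Base DN.")
        elif ev.kind == "state" and ev.state == "RETRY":
            findings.append(f"server {ev.server}: controller is in RETRY, so no user lookups "
                            "will run until the bind succeeds.")
        elif ev.kind == "connect_failed":
            findings.append(f"server {ev.server}: GUI log reports the same failure (reason {ev.rc}); "
                            "the controller names the bind step, not connection setup, as what failed.")
    return findings


if __name__ == "__main__":
    for line in diagnose(parse_wlc_log(SAMPLE_WLC_LOG)):
        print(line)
```

    Paste a real "debug aaa all" capture into `SAMPLE_WLC_LOG` (or read it from a file) and the same two functions apply; lines in other formats are ignored rather than mis-parsed.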

  • External LDAP for UCM

    Hi.
    Is it possible to use an external LDAP server for my UCM server without using an external LDAP server for my admin server?
    That is, I have a domain with an admin server and a UCM server.
    My admin server doesn't have an external LDAP.
    So is it possible to use an external LDAP server for my UCM server in such a situation?
    And if it is possible, could you give me some information about it?
    (sorry for my english)

    First of all, thank you for links.
    But I have a problem: I configured my own LDAP provider and I can see that 'Connection State' is good (5 out of 5 connections are good), but I can not log in to UCM with users in my LDAP (Invalid Credentials. Please try entering your user name and password again.).
    Here is my LDAP provider configuration:
    Provider Name:      MyLDAP
    Provider Description:      MyLDAP
    Connection State:      5 out of 5 connections are good
    Last Activity Date:      12/17/12 4:23 PM
    Provider Type:      ldapuser
    Provider Class:      intradoc.provider.LdapUserProvider
    Provider Connection:      intradoc.provider.LdapConnection
    Source Path:      MyLDAP
    LDAP Server:      localhost
    LDAP Suffix:      dc=example,dc=com
    LDAP Port:      10389
    Number of connections:      5
    Connection timeout:      10
    Priority:      1
    Credential Map:      
    SSL Enabled:      No
    Attribute Map:      uid:dFullName
    Role Prefix:      ou=groups
    Default Network Roles:      guest
    Filter Groups:      Yes
    Use Full Group Name:      No
    LDAP Admin DN:      uid=admin,ou=system
    And my LDAP structure:
    "dc=example,dc=com"
    _____"ou=groups,dc=example,dc=com"
    __________"cn=Administrators,ou=groups,dc=example,dc=com"
    __________"cn=admin,ou=groups,dc=example,dc=com"
    _____"ou=people,dc=example,dc=com"
    __________"uid=asdasd,ou=people,dc=example,dc=com"
    __________"uid=qweqwe,ou=people,dc=example,dc=com"
    In 'cn=Administrators' entry I have 'uniqueMember:uid=asdasd,ou=people,dc=example,dc=com' property
    In 'cn=admin' entry I have 'uniqueMember:uid=qweqwe,ou=people,dc=example,dc=com' property
    Nevertheless I can't log in to UCM with users in my LDAP (Invalid Credentials. Please try entering your user name and password again.).
    Could you show me my mistake?
    Edited by: Michael Baygeldin on Dec 17, 2012 5:34 AM

  • AD LDAP for Authentication but ABAP or IDM for Role Assignments

    Hi Portal Gurus,
    Is it possible to configure the UME in such a way that it connects to the AD for authentication purposes but uses the CUA or SAP Identity Manager for role assignments?
    Thanks,
    Vibhu

    Hi,
    Thanks for the suggestion. But ours was a different problem.
    The issue was with a faulty reconciliation job that had been fixed. But it had done its damage before the fix and this caused the inconsistent behavior.
    During the reconciliation job (to update changed and add new backend roles in IDM) various task trigger attributes get disabled and then re-enabled after the import. These disabled triggers did not get re-enabled for the privileges on some systems. And the reconciliation job was also delta enabled, so only new privileges, after the initial load, should have been impacted. But impact to many privileges -- all privileges of some target systems -- misled our investigation. The timing of the reconciliation job executions kind of added to the confusion and inconsistencies during the initial setup. But we finally tracked this down and wrote a custom job to fix the triggers for only the affected privileges. Assignments to all systems started to function successfully as expected.
    Best regards,
    Ashok

  • Setting up LDAP for authentication to portal:default property set named "ldap

    Hi
    I am trying to implement LDAP authentication for WebLogic Portal. I went
    through the documentation ( http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824 ). It
    mentions using the default property set named "ldap" and deploying ldapprofile.jar. My
    question is:
    - Is there a way to look into the property set using the EBCC?
    - Apart from deploying and configuring ldapprofile.jar, do I have to do any additional
    steps in order to make my portal (say, stockportal) authenticate users from LDAP?
    - If I create my own portal, should I create a similar "ldap" property set? If so, how?
    Any suggestions/help is appreciated.Thanks
    - Mike

    Thanks Dave.
    "David Anderson" <[email protected]> wrote:
    You should be able to view the property set for LDAP through the EBCC
    if you
    have the propertysetws.jar installed in your Portal domain. This provides
    the ability for the EBCC to retrieve property set information from your
    server.
    Dave
    "mike" <[email protected]> wrote in message
    news:[email protected]...
    Hi Adrian
    Thank you for the pointers. Much appreciated. However, one question still
    persists.
    What is the significance of the property set "ldap" mentioned in the
    document (http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824)? Where
    does this property set feature vis-a-vis setting up the LDAP security realm; does it
    matter prior to/after the setting up as mentioned in the document pointer you just
    gave?
    Is it sufficient that I follow the procedure to set up the LDAP, or is
    there more to post-setting, like creating a property set (similar to "ldap" or cloning
    it) apart from deploying ldapprofile.jar.
    Thanks.
    - Mike
    "Adrian Fletcher" <[email protected]> wrote:
    Mike,
    The documentation that covers LDAP authentication is listed under
    Weblogic
    Server rather than Weblogic Portal.
    See Configuring the LDAP Security Realm in Managing Security
    (http://e-docs.bea.com/wls/docs61////adminguide/cnfgsec.html#1071872)
    Also take a look at the FAQ - Why can't I boot WebLogic Server when using
    the LDAP Security Realm?
    (http://e-docs.bea.com/wls/docs61//faq/security.html#25833)
    Hope this helps,
    Sincerely,
    Adrian.
    Adrian Fletcher.
    Senior Software Engineer,
    BEA Systems, Inc.
    Boulder, CO.
    email: [email protected]

  • Regarding SAP CUA vs Corporate LDAP for authentication purposes

    Hello All:
       Could anyone please give more information about SAP CUA and the corporate LDAP? Please suggest which is more advantageous and what is the cost involved in each of these. These are the options for the authentication of SAP Enterprise Portal in our system here. We want to figure out which has more advantages over the other one.
    Thanks,
    LBuegg

    Hello all,
       Appreciate your response for this query. We need to figure out the options soon. It's kind of urgent.
    Thanks again..
    L Buegg.

  • OWSM won't connect to ldap for authentication in policy

    System: 10.1.3 on Windows with SOA Suite
    I've got a web service deployed, got OWSM running, have registered the web service with a gateway component and have built a basic policy (just to log) in the Pipeline "request" and Pipeline "Response" parts of the governing policy; this basic policy works correctly. However, when I try to add an "Ldap Authenticate" step to the Pipeline "Request" part of the policy, OWSM doesn't seem to really try to connect to the LDAP. I have tried two LDAPs (Lotus Notes and OID) that are operational - I can access both of them via command line using the same credentials with which I configured the "Ldap Authenticate" step. Yet, when I invoke the web service with the "Ldap Authenticate" step configured in the policy I get the following exception:
    A fault was thrown in the step Client.AuthenticationFault:Invalid username or password
    I'm pretty dang sure I have entered the correct credentials in the "Ldap Authenticate" configuration (I checked it 45,000 times) - it seems that OWSM really isn't trying to connect to the LDAPs - and there's no logging that I've found that will tell me what it's really trying to do.
    Anyone have any hints or know what's going on?

    I have the same problem.
    With the help of Vikas's instructions for changing log level I could log the gateway's activities:
    security.WSBasicCredsExtractor - Element Value:farbod
    security.WSBasicCredsExtractor - Element Value:mypassword
    security.WSBasicCredsExtractor - Successfully retrieved username and password
    security.WSBasicCredsExtractor - Removing the UsernameToken Header
    ldap.DirContextHolder - Creating new directory context
    ldap.LDAPAuthenticatorStep - Failed to connect to ldap server.
    I am unsure whether my LDAP settings in OWSM are correct:
    my server name is nfsserver.com(OID Server) and I have this user in OID:
    cn=farbod,cn=Users,dc=nfsserver,dc=com
    so I think these settings should work:
    LDAP host (*)      nfsserver
    LDAP port (*)      389      
    User objectclass (*)      inetOrgPerson      
    LDAP baseDN (*)      cn=Users,dc=nfsserver,dc=com
    LDAP adminDN (*)      cn=orcladmin,cn=Users,dc=nfsserver,dc=com
    LDAP admin password      ******          
    LDAP admin login enabled (*)      true
    Uid Attribute (*)      string      uid      
    User Attributes to be retrieved      uid
    Is the bold part correct?
    Regards
    Farbod

  • LDAP for authentication

    Hey Guys,
    I noticed that when a group membership changes in LDAP, it takes some time for the changes to show up on the portal. I think that the portal caches the LDAP membership and refreshes it from time to time. Does anybody know what the default value is? And is there a way to change this frequency of refresh?
    Thank You
    Madhavi

    Madhavi,
    Default timeout is 2.5 mins(150000 ms). You can set the PageTimeout property in Page Editor.. For more information, pls take a look at the following link.
    http://help.sap.com/saphelp_nw04/helpdata/en/b4/12083e7623445ae10000000a11405a/frameset.htm
    In your case, you can check the par file and change the setting..
    Hope, this helps
    Jojo

  • Authentication in weblogic portal server 8.1 sp2 using external LDAP

    Hi,
    I am trying to use external LDAP for authentication.
    I have configured the ActiveDirectoryAuthenticator giving the necessary values
    (and added "-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthenticator" in startWebLogic.cmd)
    and can see the users and the groups from my LDAP provider in the admin
    console and in the admin portal's "users and groups".
    A set of users are given permission to access the restricted site and those
    users are visible in the global role with the permission.
    The web.xml is configured for BASIC auth-method, and the role is
    <externally-defined/> in weblogic.xml.
    Now when I access a restricted page, I am shown a dialog prompt to key in
    the username and password.
    Even when I key in the valid credentials, the restricted page is not shown
    and an "Unauthorized xxx" 401 access error is thrown.
    Any clue on what I am missing?
    Please let me know if you have any suggestion / idea.
    Regards,
    Arun.

    Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
    In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
    Brad

  • Can I map iwtUser-role to an attribute in external LDAP???

    Hi,
    I am using external LDAP for authentication. In the Ext. LDAP I am using there is an attribute named title in every user cn. I want to use this attribute for the portal to decide which role the user belongs to. I mapped iwtUser-role to title in the Ext. LDAP configuration. When I go to the console I see user(s) under the roles defined in the title attribute (in Ext. LDAP). From the console, if I try to change the desktop profile of a role and check 'apply changes to all subroles', it's not applying changes to all users who have the title as that role (even though when I go to those user(s), I see them under the right role). However, when I look at the iwtUser-role attribute in the profile LDAP using an LDAP browser it shows /domainname/defaultRole, which is not the value mapped (in Ext. LDAP). Do you have any idea why it is happening? I would like to know if mapping iwtUser-role to an attribute in Ext. LDAP is the right thing in the first place (I am doing this because the Ext. LDAP is already populated, I have no roles in that, all users are at the same level and I have permission to change the title attribute only in Ext. LDAP).
    Thanks,
    Siva Kancheti.

    Block off the default role if you don't want anyone going into that role but only the ones defined. You can do this by setting the filter to a value that will return nothing (example, title=nonexistent); since the search filter will not return results, no one will be placed in that role (otherwise you have to manually go into that role and 'move' users).
    Hope this helps,
    Manon

  • External LDAP + Roles in portal

    Folks,
    I use weblogic 8.1 portal.
    Can we use an external LDAP for storing portal roles? If so, what is supported,
    recommended, etc. Does BEA have a recommendation/document on how to support an
    environment with multiple domains that share a common LDAP so that we don’t have
    to keep them all sync.
    Thanks
    - Lara

    Lara,
    The WLS SSPI (plug-in provider architecture) allows you to add additional
    role mappers, however the WLS out-of-the-box authorizer and role mapper are
    still required for WLP. Also, in a WLS domain/cluster each managed server
    has a copy of the LDAP which is automatically kept in sync by the admin
    server.
    -Phil

  • Retrieve parameters from LDAP using authentication module

    I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
    I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
    OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
    This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
    The existing web applications are still querying the existing LDAP for other attributes than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to the web application as a cookie or header value? Or is the forwarding feature only for attributes in the Data Store?
    If the forwarding is not possible what is the next best alternative ?

    OpenSSO forum is quite silent so I'm back with you guys.
    I managed to solve the agent error log problem I mentioned before. The problem was about nonexistent attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
    The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
    My LDAP looks like this:
    # testuser, pollo.fi
    dn: cn=testuser,dc=pollo,dc=fi
    cn: testuser
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    givenName: Test
    sn: User
    ou: People
    uid: testuser
    mail: [email protected]
    And my datastore configuration:
    LDAP server->localhost:389
    LDAP bind DN->cn=admin,dc=pollo,dc=fi
    LDAP organization DN->dc=pollo,dc=fi
    Attribute name mapping->empty
    LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
    LDAP3 Plugin search scope->scope_sub
    LDAP Users Search Attribute->uid
    LDAP Users Search Filter->(objectclass=inetorgperson)
    LDAP User Object Class->organizationalPerson
    LDAP User Attributes->uid, userpassword
    Create User Attribute Mapping->empty
    Attribute Name of User Status->inetuserstatus
    User Status Active Value->Active
    User Status Inactive Value->inactive
    LDAP Groups Search Attribute->cn
    LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
    LDAP Groups container Naming Attribute->ou
    LDAP Groups Container Value->groups
    LDAP Groups Object Class->top
    LDAP Groups Attributes->cn,description,dn,objectclass
    Attribute Name for Group Membership->empty
    Attribute Name of Unique Member->uniqueMember
    Attribute Name of Group Member URL->memberUrl
    LDAP People Container Naming Attribute->ou
    LDAP People Container Value->people
    LDAP Agents Search Attribute->uid
    LDAP Agents Container Naming Attribute->ou
    LDAP Agents Container Value->agents
    LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
    LDAP Agents Object Class->sunIdentityServerDevice,top
    LDAP Agents Attributes->empty
    Identity Types That Can Be Authenticated->Agent,User
    Authentication Naming Attribute->uid
    Persistent Search Base DN->dc=pollo,dc=fi
    Persistent Search Filter->(objectclass=*)
    Persistent Search Maximum Idle Time Before Restart->0
    Should I enable some setting still to get the forwarding going on? Any ideas for debugging?
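    An added example (Python, written for this page; it is not OpenSSO code and does not reproduce the real LDAPv3Repo logic) that ties this data store configuration to the trace in the first post. The first post's NullPointerException is thrown in LDAPv3Repo.constructFilter while the console searches identities, which is consistent with a missing search attribute or search filter in the data store, though the thread does not confirm the cause. The function below builds the user-lookup filter from the "LDAP Users Search Attribute" and "LDAP Users Search Filter" values shown above, fails with a named configuration error when either is absent, and escapes the username per RFC 4515 so that a login name can never change the filter's structure. The last helper checks the agent's profile.attribute.map against "LDAP User Attributes"; it assumes (my assumption, not stated in the thread) that the data store only reads attributes listed there, which would explain why cn and mail never reach the agent when only uid and userpassword are listed.

```python
from typing import Dict, List, Optional


class DataStoreConfigError(ValueError):
    """A required data-store setting is missing; raised instead of failing deep inside filter construction."""


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 section 3: NUL, '(', ')', '*', '\\' and any
    non-printable or non-ASCII byte become \\XX, so the value cannot alter the filter."""
    out = []
    for b in value.encode("utf-8"):
        if b in (0x00, 0x28, 0x29, 0x2A, 0x5C) or b < 0x20 or b > 0x7E:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def build_user_search_filter(search_attribute: Optional[str],
                             base_filter: Optional[str],
                             username: str) -> str:
    """Combine 'LDAP Users Search Attribute' and 'LDAP Users Search Filter' into one lookup filter.

    Missing settings raise DataStoreConfigError (the explicit failure the NPE in the
    first post lacks); the username is escaped, never spliced in raw.
    """
    if not search_attribute or not search_attribute.strip():
        raise DataStoreConfigError("'LDAP Users Search Attribute' is not set")
    if not base_filter or not base_filter.strip():
        raise DataStoreConfigError("'LDAP Users Search Filter' is not set")
    if not username:
        raise ValueError("username is empty")
    base_filter = base_filter.strip()
    if not base_filter.startswith("("):          # accept a bare "attr=value" as the UI does
        base_filter = f"({base_filter})"
    return f"(&{base_filter}({search_attribute.strip()}={escape_filter_value(username)}))"


def parse_attribute_map(spec: str) -> Dict[str, str]:
    """Parse the agent's profile.attribute.map value, e.g. 'cn|common-name,mail|email',
    into {ldap_attribute: header_or_cookie_name}."""
    mapping: Dict[str, str] = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "|" not in item:
            raise ValueError(f"bad attribute map entry: {item!r}")
        ldap_attr, header = item.split("|", 1)
        mapping[ldap_attr.strip()] = header.strip()
    return mapping


def missing_profile_attributes(attribute_map: str, user_attributes: str) -> List[str]:
    """Return LDAP attributes the agent wants forwarded but the data store is not set to read.

    Assumption (not confirmed by the thread): the data store only reads attributes
    listed under 'LDAP User Attributes', so anything outside that list never reaches
    the agent regardless of the HTTP_HEADER / HTTP_COOKIE fetch mode.
    """
    fetched = {a.strip().lower() for a in user_attributes.split(",") if a.strip()}
    return [attr for attr in parse_attribute_map(attribute_map) if attr.lower() not in fetched]


if __name__ == "__main__":
    # Values taken from the data store listing above; "testuser" is the sample entry's uid.
    print(build_user_search_filter("uid", "(objectclass=inetorgperson)", "testuser"))
    print(missing_profile_attributes("cn|common-name,mail|email", "uid, userpassword"))
```

    Run as-is, the script prints the lookup filter the data store settings above would produce and the two attributes (cn, mail) that the agent map names but the "LDAP User Attributes" list does not; adding them to that list is the first thing to try under the stated assumption.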

  • External LDAP - Configuring the External LDAP to the Weblogic Server 10.3.3

    I'm new to LDAP concepts. Is there any documentation link to configure any of the External LDAP for WLS 10.3.3?
    Where can I download to install the External LDAP?
    Thanks

    To use Active Directory for quick testing with Weblogic, you can use either Sun's Sun One Active Directory Server or OpenLDAP which is an open source LDAP. We use OpenLDAP on unix and configure this with WLS. All our users are in OpenLDAP. Try googling around like "OpenLDAP Download" or "Sun One Directory Server" etc. All these are LDAP sources with very minor differences (Some extra attributes here and there). Configuration wise all are same from WLS point of view. We define LDAP's Host, Port, admin username/password, User basedn and Group basedn. These are minimum things we need to know upfront.
    Thanks
    Ravi Jegga

  • Custom user name mapper needs external LDAP connection.

    I have a custom user name mapper that needs to connect to our external LDAP. Our security realm is configured to connect to the external LDAP for users and groups. Is there a way to reuse this connection in the custom user name mapper?

  • Anyone configured OID with weblogic as external LDAP

    Hey,
    I need help from someone who configured Oracle Internet Directory with weblogic 7 or any version to use as external LDAP server.
    Your Help is greatly appreciated.
    Thanks & Best Regards,
    Nagendra

    I was able to use OID as external LDAP for my Weblogic. I was able to move the stuff from Weblogic Embedded LDAP to Oracle Internet Directory Server, I have done it by myself
    Thanks
    Nagendra
